Java is used to develop full featured and very powerful corporate applications. To minimise the likelihood of security vulnerabilities caused by programmer error, Java developers must understand and adhere to best practices.
Java is used to develop full featured and very powerful corporate applications. Many of these applications do allow access to critical and confidential resources and this has made them popular targets for attack. To minimise the likelihood of security vulnerabilities caused by programmer error, Java developers must understand and adhere to best practices.
This course aims to provide the knowledge and resources required to evaluate the security of Java applications. The participants, through the understanding of theory and practical exercises carried out by them, will be able to identify critical vulnerabilities in web applications and implement the necessary corrective measures.
It is recommended that participants on the Web Application Secure Coding in Java have completed the Web Application Security Training course. Please see “Related Training”.
The course is designed for:
• Software Developers
• Quality Assurance professionals
• System Architects
• Information Security Professionals
The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:
• General Web Application Security Concepts
• Java Security Features
• Identify security vulnerabilities in code (OWASP Top 10, SANS 25)
• Implement Security Controls
• Authentication
• Session Management
• Access control
• Input validation
• Output encoding/escaping
• Cryptography
• Error handling and logging
• Data Protection
• HTTP security
• Incorporate security into the development process
Format: The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a dummy Java web application purpose-built and containing the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.
Duration: 1 day (8 hours)
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
.NET provides unprecedented flexibility and productivity to web application developers. Application developers are responsible for understanding the limitations of .NET and adopting best practices to ensure that their code is secure.
Learn to identify, analyse, and understand real-world web vulnerabilities. This hands-on course, aligned with the OWASP Top 10 2025, empowers professionals to spot and assess security risks—human or AI-generated—before they reach production.
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
The PCI DSS enhances the security of cardholder data. Applications handling payment information must be secure. This course equips developers with the skills to code defensively and meet the secure coding and application security requirements of PCI
